🔧 添加elk部署脚本

codes/deploy/elk/config/filebeat.yml

@@ -27,7 +27,7 @@ filebeat.prospectors:
   paths:
     #- /var/log/*.log
     #- c:\programdata\elasticsearch\logs\*
-    - /home/xyz/log/*.log
+    - /home/zp/log/*.log
 
   # Exclude lines. A list of regular expressions to match. It drops the lines that are
   # matching any regular expression from the list.

codes/deploy/elk/deploy.sh

@@ -0,0 +1,140 @@
+#!/usr/bin/env bash
+
+# 本脚本为一键式安装 ELK 脚本
+# 执行脚本前，请先执行以下命令，创建用户
+# groupadd elk
+# useradd -g elk elk
+# passwd elk
+
+# 获取当前设备IP
+IP=""
+getDeviceIp() {
+  IP=`ifconfig eth0 | grep "inet" | awk '{ print $2}' | awk -F: '{print $2}'`
+  if [ "$IP" ==  "" ]; then
+      IP=`ifconfig eth0 | grep "inet" | awk '{ print $2}'`
+  fi
+  if [ "$IP" ==  "" ]; then
+      IP=`ifconfig ens32 | grep "inet"|grep "broadcast" | awk '{ print $2}' | awk -F: '{print $1}'`
+  fi
+
+  if [ "${IP}" ==  "" ]; then
+    echo "     "
+    echo " 请输入服务器IP地址................ "
+    echo "     "
+    exit 0
+  else
+    echo "当前设备IP: $IP"
+  fi
+}
+
+# 检查文件是否存在，不存在则退出脚本
+checkFileExist() {
+  if [ ! -f "$1" ]
+  then
+    echo "关键文件 $1 找不到，脚本执行结束"
+    exit 0
+  fi
+}
+
+init() {
+  mkdir -p ${ELASTIC_SOFTWARE_PATH}
+  getDeviceIp
+}
+
+# 安装 elasticsearch
+installElasticsearch() {
+  cd ${ELASTIC_SOFTWARE_PATH}
+  wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-${version}.tar.gz
+  tar -xzf elasticsearch-${version}.tar.gz
+}
+
+installRuby() {
+  cd ${RUBY_SOFTWARE_PATH}
+  wget https://cache.ruby-lang.org/pub/ruby/2.5/ruby-2.5.0.tar.gz
+  tar -xzf ruby-2.5.0.tar.gz
+  cd ruby-2.5.0
+  ./configure
+  make & make install
+}
+
+# 安装 logstash
+installLogstash() {
+  cd ${ELASTIC_SOFTWARE_PATH}
+  wget https://artifacts.elastic.co/downloads/logstash/logstash-${version}.tar.gz
+  tar -xzf logstash-${version}.tar.gz
+}
+
+# 安装 kibana
+installKibana() {
+  cd ${ELASTIC_SOFTWARE_PATH}
+  wget https://artifacts.elastic.co/downloads/kibana/kibana-${version}-linux-x86_64.tar.gz
+  tar -xzf kibana-${version}-linux-x86_64.tar.gz
+}
+
+# 安装 filebeat
+installFilebeat() {
+  cd ${ELASTIC_SOFTWARE_PATH}
+  wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${version}-linux-x86_64.tar.gz
+  tar -zxf filebeat-${version}-linux-x86_64.tar.gz
+}
+
+# 替换 Elasticsearch 配置
+# 1. 替换 192.168.0.1 为本机 IP
+replaceElasticsearchConfig() {
+  cp ${ELASTIC_SOFTWARE_PATH}/elasticsearch-${version}/config/elasticsearch.yml ${ELASTIC_SOFTWARE_PATH}/elasticsearch-${version}/config/elasticsearch.yml.bak
+  sed -i "s/#network.host: 192.168.0.1/network.host: ${IP}/g" ${ELASTIC_SOFTWARE_PATH}/elasticsearch-${version}/config/elasticsearch.yml
+  touch ${ELASTIC_SOFTWARE_PATH}/elasticsearch-${version}/bin/nohup.out
+}
+
+replaceLogstashConfig() {
+  cp ${ELASTIC_SOFTWARE_PATH}/logstash-${version}/config/logstash.yml ${ELASTIC_SOFTWARE_PATH}/logstash-${version}/config/logstash.yml.bak
+  sed -i "s/# http.host: \"127.0.0.1\"/ http.host: ${IP}/g" ${ELASTIC_SOFTWARE_PATH}/logstash-${version}/config/logstash.yml
+  touch ${ELASTIC_SOFTWARE_PATH}/logstash-${version}/bin/nohup.out
+  cd ${ELASTIC_SOFTWARE_PATH}/logstash-${version}/bin
+  wget https://github.com/dunwu/linux-notes/blob/master/codes/deploy/elk/config/logstash-input-tcp.conf
+}
+
+# 替换 Kibana 配置
+# 1. 替换 localhost 为本机 IP
+replaceKibanaConfig() {
+  cp ${ELASTIC_SOFTWARE_PATH}/kibana-${version}-linux-x86_64/config/kibana.yml ${ELASTIC_SOFTWARE_PATH}/kibana-${version}-linux-x86_64/config/kibana.yml.bak
+  sed -i "s/#server.host: \"localhost\"/server.host: ${IP}/g" ${ELASTIC_SOFTWARE_PATH}/kibana-${version}-linux-x86_64/config/kibana.yml
+  sed -i "s/#elasticsearch.url: \"http://localhost:9200\"/#elasticsearch.url: \"${IP}\"/g" ${ELASTIC_SOFTWARE_PATH}/kibana-${version}-linux-x86_64/config/kibana.yml
+  touch ${ELASTIC_SOFTWARE_PATH}/kibana-${version}-linux-x86_64/bin/nohup.out
+}
+
+# 替换 Filebeat 配置
+replaceFilebeatConfig() {
+  cp ${ELASTIC_SOFTWARE_PATH}/filebeat-${version}-linux-x86_64/filebeat.yml ${ELASTIC_SOFTWARE_PATH}/filebeat-${version}-linux-x86_64/filebeat.yml.bak
+  cd ${ELASTIC_SOFTWARE_PATH}/filebeat-${version}-linux-x86_64
+  wget https://github.com/dunwu/linux-notes/blob/master/codes/deploy/elk/config/filebeat.yml
+  cp /home/zp/config/elk/filebeat.yml ${ELASTIC_SOFTWARE_PATH}/filebeat-${version}-linux-x86_64/filebeat.yml
+  sed -i 's/127.0.0.1/'"${IP}"'/g' ${ELASTIC_SOFTWARE_PATH}/filebeat-${version}-linux-x86_64/filebeat.yml
+}
+
+# 为 elk.elk 用户设置权限
+setPrivilegeForUser() {
+  chown -R elk.elk ${ELASTIC_SOFTWARE_PATH}
+  chown -R elk.elk /var/log/
+}
+######################################## MAIN ########################################
+version=6.1.1
+RUBY_SOFTWARE_PATH=/opt/software/ruby
+ELASTIC_SOFTWARE_PATH=/opt/software/elastic
+ELASTIC_SETTINGS_PATH=/opt/software/elastic/settings
+
+init
+
+installElasticsearch
+replaceElasticsearchConfig
+
+installLogstash
+replaceLogstashConfig
+
+installKibana
+replaceKibanaConfig
+
+installFilebeat
+replaceFilebeatConfig
+
+#setPrivilegeForUser

codes/deploy/elk/shutdown.sh

@@ -0,0 +1,27 @@
+#!/bin/bash -li
+
+app=$1
+
+checkInput() {
+  if [ "${app}" == "" ]; then
+    echo "请输入脚本参数：name"
+    echo "    name: 要终止的进程关键字（必填）。可选值：elasticsearch|logstash|kibana|filebeat"
+    echo "例：./shutdown.sh logstash"
+    exit 0
+  fi
+  if [ "${app}" != "elasticsearch" ] && [ "${app}" != "logstash" ] && [ "${app}" != "kibana" ] && [ "${app}" != "filebeat" ]; then
+    echo "name 输入错误"
+    echo "可选值：elasticsearch|logstash|kibana|filebeat"
+    exit 0
+  fi
+}
+
+shutdown() {
+  PID=`ps -ef | grep ${app} | awk '{ print $2}' | head -n 1`
+  kill -9 ${PID}
+}
+
+##############################__MAIN__########################################
+checkInput
+shutdown
+

codes/deploy/elk/startup.sh

@@ -0,0 +1,55 @@
+#!/bin/bash -li
+
+app=$1
+
+ELASTICSEARCH_BIN_PATH=/opt/software/elastic/elasticsearch-6.1.1/bin
+LOGSTASH_BIN_PATH=/opt/software/elastic/logstash-6.1.1/bin
+KIBANA_BIN_PATH=/opt/software/elastic/kibana-6.1.1-linux-x86_64/bin
+FILEBEAT_PATH=/opt/software/elastic/filebeat-6.1.1-linux-x86_64
+
+
+# 检查脚本输入参数
+checkInput() {
+  if [ "${app}" == "" ]; then
+    echo "请输入脚本参数：name"
+    echo "    name: 要启动的进程关键字（必填）。可选值：elasticsearch|logstash|kibana|filebeat"
+    echo "例：./shutdown.sh logstash"
+    exit 0
+  fi
+
+  if [ "${app}" != "elasticsearch" ] && [ "${app}" != "logstash" ] && [ "${app}" != "kibana" ] && [ "${app}" != "filebeat" ]; then
+    echo "name 输入错误"
+    echo "可选值：elasticsearch|logstash|kibana|filebeat"
+    exit 0
+  fi
+}
+
+# 检查文件是否存在，不存在则退出脚本
+checkFileExist() {
+  if [ ! -f "$1" ]
+  then
+    echo "关键文件 $1 找不到，脚本执行结束"
+    exit 0
+  fi
+}
+
+startup() {
+  if [ "${app}" == "elasticsearch" ]; then
+    checkFileExist ${ELASTICSEARCH_BIN_PATH}/elasticsearch
+    nohup sh ${ELASTICSEARCH_BIN_PATH}/elasticsearch >>${ELASTICSEARCH_BIN_PATH}/nohup.out 2>&1 &
+  elif  [ "${app}" == "logstash" ]; then
+    checkFileExist ${LOGSTASH_BIN_PATH}/logstash
+    nohup sh ${LOGSTASH_BIN_PATH}/logstash -f ${LOGSTASH_BIN_PATH}/logstash-input-tcp.conf >>${LOGSTASH_BIN_PATH}/nohup.out 2>&1 &
+  elif  [ "${app}" == "kibana" ]; then
+    checkFileExist ${KIBANA_BIN_PATH}/kibana
+    nohup sh ${KIBANA_BIN_PATH}/kibana >> ${KIBANA_BIN_PATH}/nohup.out 2>&1 &
+  elif  [ "${app}" == "filebeat" ]; then
+    checkFileExist ${FILEBEAT_PATH}/filebeat
+    touch ${FILEBEAT_PATH}/nohup.out
+    nohup ${FILEBEAT_PATH}/filebeat -e -c ${FILEBEAT_PATH}/filebeat.yml -d "publish" >> ${FILEBEAT_PATH}/nohup.out 2>&1 &
+  fi
+}
+
+##############################__MAIN__########################################
+checkInput
+startup